package com.origin.onlinesys.web.security.shiro.realms;

import com.origin.onlinesys.common.services.IShiroPermissionsService;
import com.origin.onlinesys.domain.modules.interviewsys.Account;
import com.origin.onlinesys.service.modules.user.IAccountService;
import com.origin.onlinesys.service.modules.user.IRolesService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;


/**
 *
 * Created by Administrator on 2015/1/7.
 * 数据库获取权限
 * shiro 用户登录授权
 */
public class DbAuthenticationRealm extends AuthorizingRealm {

    //用户信息
    @Autowired
    IAccountService service;

    //用户权限
    @Autowired
    IShiroPermissionsService permissionsService;

    //用户角色
    @Autowired
    IRolesService rolesService;

    //密码加密
    @Autowired
    DefaultPasswordService passwordService;

    /**
     * 设置用户权限
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Account account = (Account)principals.getPrimaryPrincipal();
        String id = account.getId();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //查询所有角色
//        info.addRoles(rolesService.selectByUserId(id));
        //查询权限
        info.addStringPermissions(permissionsService.selectByUserIdAsStrPermissions(id));
        return info;
    }

    /**
     * 用户信息验证
     * @param token
     * @return
     * @throws org.apache.shiro.authc.AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //获取登录令牌
        UsernamePasswordToken token1 = (UsernamePasswordToken)token;

        //获得用户名
        final String userName = token1.getUsername();
        final char[] password = token1.getPassword();

        if(userName == null || password == null)
            throw new UnknownAccountException("账号不能为空");

        //获得加密之后的密码
        String hashPassword = passwordService.encryptPassword(password);

        //查询到用户信息
        Account account = service.selectByUserNameAndPassword(userName, hashPassword);

        if(account == null)
            throw new UnknownAccountException("账号错误");

        //返回实体类由父类就行密码校验
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                account,
                account.getPassword(),
                account.getRealname());
        return info;
    }

    /**
     * 清除所有用户授权信息缓存.
     */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            for (Object key : cache.keys()) {
                cache.remove(key);
            }
        }
    }
}
